Bring some auth utils here

Author: magik6k

auth/auth.go

@@ -0,0 +1,79 @@
+package auth
+
+import (
+	"context"
+	"reflect"
+
+	"golang.org/x/xerrors"
+)
+
+type Permission string
+
+type permKey int
+
+var permCtxKey permKey
+
+func WithPerm(ctx context.Context, perms []Permission) context.Context {
+	return context.WithValue(ctx, permCtxKey, perms)
+}
+
+func HasPerm(ctx context.Context, defaultPerms []Permission, perm Permission) bool {
+	callerPerms, ok := ctx.Value(permCtxKey).([]Permission)
+	if !ok {
+		callerPerms = defaultPerms
+	}
+
+	for _, callerPerm := range callerPerms {
+		if callerPerm == perm {
+			return true
+		}
+	}
+	return false
+}
+
+func PermissionedProxy(validPerms, defaultPerms []Permission, in interface{}, out interface{}) {
+	rint := reflect.ValueOf(out).Elem()
+	ra := reflect.ValueOf(in)
+
+	for f := 0; f < rint.NumField(); f++ {
+		field := rint.Type().Field(f)
+		requiredPerm := Permission(field.Tag.Get("perm"))
+		if requiredPerm == "" {
+			panic("missing 'perm' tag on " + field.Name) // ok
+		}
+
+		// Validate perm tag
+		ok := false
+		for _, perm := range validPerms {
+			if requiredPerm == perm {
+				ok = true
+				break
+			}
+		}
+		if !ok {
+			panic("unknown 'perm' tag on " + field.Name) // ok
+		}
+
+		fn := ra.MethodByName(field.Name)
+
+		rint.Field(f).Set(reflect.MakeFunc(field.Type, func(args []reflect.Value) (results []reflect.Value) {
+			ctx := args[0].Interface().(context.Context)
+			if HasPerm(ctx, defaultPerms, requiredPerm) {
+				return fn.Call(args)
+			}
+
+			err := xerrors.Errorf("missing permission to invoke '%s' (need '%s')", field.Name, requiredPerm)
+			rerr := reflect.ValueOf(&err).Elem()
+
+			if field.Type.NumOut() == 2 {
+				return []reflect.Value{
+					reflect.Zero(field.Type.Out(0)),
+					rerr,
+				}
+			} else {
+				return []reflect.Value{rerr}
+			}
+		}))
+
+	}
+}

auth/handler.go

@@ -0,0 +1,48 @@
+package auth
+
+import (
+	"context"
+	"net/http"
+	"strings"
+
+	logging "github.com/ipfs/go-log/v2"
+)
+
+var log = logging.Logger("auth")
+
+type Handler struct {
+	Verify func(ctx context.Context, token string) ([]Permission, error)
+	Next   http.HandlerFunc
+}
+
+func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	token := r.Header.Get("Authorization")
+	if token == "" {
+		token = r.FormValue("token")
+		if token != "" {
+			token = "Bearer " + token
+		}
+	}
+
+	if token != "" {
+		if !strings.HasPrefix(token, "Bearer ") {
+			log.Warn("missing Bearer prefix in auth header")
+			w.WriteHeader(401)
+			return
+		}
+		token = strings.TrimPrefix(token, "Bearer ")
+
+		allow, err := h.Verify(ctx, token)
+		if err != nil {
+			log.Warnf("JWT Verification failed: %s", err)
+			w.WriteHeader(401)
+			return
+		}
+
+		ctx = WithPerm(ctx, allow)
+	}
+
+	h.Next(w, r.WithContext(ctx))
+}

metrics/metrics.go

@@ -1,6 +1,5 @@
 package metrics
 
-
 import (
 	"go.opencensus.io/stats"
 	"go.opencensus.io/stats/view"
@@ -9,14 +8,14 @@ import (
 
 // Global Tags
 var (
-	RPCMethod, _    = tag.NewKey("method")
+	RPCMethod, _ = tag.NewKey("method")
 )
 
 // Measures
 var (
-	RPCInvalidMethod         = stats.Int64("rpc/invalid_method", "Total number of invalid RPC methods called", stats.UnitDimensionless)
-	RPCRequestError          = stats.Int64("rpc/request_error", "Total number of request errors handled", stats.UnitDimensionless)
-	RPCResponseError         = stats.Int64("rpc/response_error", "Total number of responses errors handled", stats.UnitDimensionless)
+	RPCInvalidMethod = stats.Int64("rpc/invalid_method", "Total number of invalid RPC methods called", stats.UnitDimensionless)
+	RPCRequestError  = stats.Int64("rpc/request_error", "Total number of request errors handled", stats.UnitDimensionless)
+	RPCResponseError = stats.Int64("rpc/response_error", "Total number of responses errors handled", stats.UnitDimensionless)
 )
 
 var (
@@ -44,4 +43,3 @@ var DefaultViews = []*view.View{
 	RPCRequestErrorView,
 	RPCResponseErrorView,
 }
-